Google’s cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage. All the vulnerabilities, which required no user interaction, were responsibly reported to Apple by Samuel Groß and Natalie Silvanovich of Google Project Zero, which the company patched just last week...
Read More
New research has revealed the truly shocking state of Android phone security. The source of that security problem may well come as a surprise: antivirus apps designed to protect devices and users. Researchers at testing specialists Comparitech found that apps with more than 28 million installs between them were presenting attack paths and opportunities to threat actors looking to exploit vulnerabilities on the Android platform....
Read More
Side-channel attacks are some of the scariest exploits ever. They don’t usually exploit vulnerabilities in code, they exploit the fundamental implementation of computer systems themselves. Therefore, they’re often hardware-based. Dynamic random-access memory, or DRAM for short, is one of the most common types of memory found in modern computers used by both consumers and businesses. For example, the memory in an x86-64 based PC, such...
Read More
Cisco published last week four guides designed to help incident responders in investigating Cisco gear they suspect has been hacked or otherwise compromised. The guides include step-by-step tutorials on how to extract forensic information from the hacked gear while keeping the data integrity’s intact. Four guides have been made available, for four of Cisco’s major software platforms: Cisco ASA (Adaptive Security Appliance) — software running on...
Read More
Earlier this month, The Hacker News covered a story on research revealing how over 1300 Android apps are collecting sensitive data even when users have explicitly denied the required permissions. The research was primarily focused on how app developers abuse multiple ways around to collect location data, phone identifiers, and MAC addresses of their users by exploiting both covert and side channels. Now, a separate team of...
Read More
